The changelog for kernel 2.6.25.11 includes just a single entry, however, it seems to be so important that the Kernel Stable Team urgently advises users to upgrade the kernel on 64 bit multiple user systems.

The patch by Geman developer Michael Karcher remove an issue in the local descriptor table (ldt) on x86_64 systems. Details of the bug have not yet been disclosed. In his release announcement Greg Kroah-Hartman writes that systems with unrestricted user accounts should definitely be updated. It can be assumed that logged in users are able to escalate their privileges thanks to the bug.

A couple of days ago, the kernel 2.6.25.10 release removed two vulnerabilities both of which affected the x86_64 platform. The first bug affected several drivers and could be exploited to run arbitrary code, or crash the kernel. The second bug affected the "sys32_ptrace()" function in "arch/x86/kernel/ptrace.c" and could cause an overflow of the "refcount" field in the "task_struct" structure, thus causing a number of system errors.

The bugs affect all 2.6.25 series kernels. The kernel development team urgently advises users to install patches.

Related content

Linus Torvalds has released the new 2.6.25 kernel just slightly behind schedule. Besides improvements to the CFS scheduler and a plethora of new drivers, the kernel also introduces a political aspect: it debars non-GPLd USB drivers.

A controversial patch for the imminent kernel 2.6.25 is causing much debate in the developer community: in a similar move to one he made two years ago, the well-known kernel developer Greg Kroah-Hartman has submitted a patch that prevents closed source USB drivers from using the kernel's USB driver API.